Google Pulls the Plug on Google+ After Exposing Private User Data

On Monday, the Wall Street Journal disclosed a security vulnerability in the Google+ social network that exposed the personal profile data of hundreds of thousands of users.

The glitch enabled third-party developers to potentially access private user data, such as usernames, email addresses, occupations, genders, and ages, from between 2015 to March 2018, until it was identified and fixed this past spring.

According to WSJ, Google’s management decided not to disclose this incident for fear it would trigger comparisons to Facebook's recent Cambridge Analytica scandal.

Not long after the news broke, Google announced in a blog post that it will be shutting down the consumer version of Google+ over a 10-month period, confirming that personal information belonging to as many as 500,000 Google+ users had been exposed.

The vulnerability was discovered as part of Google’s “Project Strobe” - an internal audit of the company’s APIs conducted by Google engineers.

Technically-speaking, this issue was the result of a flaw in an API Google created to help third-party app developers access an array of profile and contact information about the people who sign up to use their apps.

Unfortunately, the API had the unintended consequence of revealing user data explicitly marked private; private data belonging to both the user unknowingly granting the app permission to access it, and friends of that user, who had not.

Google claims it found “no evidence that any developer was aware of this bug, or abusing the API”, but it would not be difficult to imagine a hacker exploiting this critical vulnerability by publishing a fraudulent app, and integrating the Google+ API to effortlessly vacuum up private user data.

Staying Safe

Data breaches can happen for all kinds of reasons: a weak password, a programming error, or even a direct malicious cyber attack.

But whether your personal data has been compromised or not, a breach like this one is a good reminder to keep yourself, and your data, safe and protected.

Set up two-factor authentication: In addition to being a password manager, Myki also functions as a 2FA authenticator which can receive and even auto-fill your 2FA tokens.

Use strong passwords and change them frequently: Myki’s Password Generator makes it easy to generate long, complex, and virtually impossible to guess passwords.

Check if you’ve already been affected: Myki’s Was I Hacked feature can help you find out whether your email has already been part of a past data breach, which should be enough of an incentive for you to start implementing these safety measures!

Now that you’re fully armed with the necessary tools to securely manage your digital identity, make sure to keep an eye out for more cybersecurity news and developments on the Myki blog.